/// <summary>
/// Configures key encryption with Windows CNG DPAPI (DPAPI-NG), using the default
/// protection descriptor rule and no descriptor flags.
/// </summary>
/// <param name="builder">The <see cref="IDataProtectionBuilder"/> to configure.</param>
/// <returns>Whatever the two-argument <c>ProtectKeysWithDpapiNG</c> overload returns.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is <c>null</c>.</exception>
/// <remarks>
/// The rule is taken from <c>DpapiNGXmlEncryptor.GetDefaultProtectionDescriptorString()</c>.
/// Which principal that rule names is not visible from this method (presumably the
/// current Windows account - confirm against the encryptor). Any principal matched by
/// the descriptor can decrypt the persisted keys, so pass an explicit rule to the
/// two-argument overload when a different scope is required.
/// </remarks>
public static IDataProtectionBuilder ProtectKeysWithDpapiNG(this IDataProtectionBuilder builder)
{
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    // Resolve the default descriptor once, then delegate to the explicit overload.
    var defaultRule = DpapiNGXmlEncryptor.GetDefaultProtectionDescriptorString();
    return builder.ProtectKeysWithDpapiNG(
        protectionDescriptorRule: defaultRule,
        flags: DpapiNGProtectionDescriptorFlags.None);
}
/// <summary>
/// Encrypts a small XML element with <c>DpapiNGXmlEncryptor</c>, checks that the
/// plaintext secret is absent from the encrypted element, then decrypts it with
/// <c>DpapiNGXmlDecryptor</c> and checks that the original element comes back.
/// </summary>
/// <remarks>
/// The "does not contain" check is only a smoke test that the plaintext was not
/// written through verbatim; it says nothing about the strength of the protection.
/// </remarks>
public void Encrypt_Decrypt_RoundTrips()
{
    // Arrange
    const string secretValue = "265ee4ea-ade2-43b1-b706-09b259e58b6b";
    var plaintextElement = XElement.Parse(@"<mySecret value='265ee4ea-ade2-43b1-b706-09b259e58b6b' />");

    // "LOCAL=user" is the protection descriptor rule handed to DPAPI-NG for this test.
    var xmlEncryptor = new DpapiNGXmlEncryptor(
        "LOCAL=user",
        DpapiNGProtectionDescriptorFlags.None,
        NullLoggerFactory.Instance);
    var xmlDecryptor = new DpapiNGXmlDecryptor();

    // Act & assert - the encryptor must name the matching decryptor type and must
    // not leave the secret readable in the serialized output
    var encryptionResult = xmlEncryptor.Encrypt(plaintextElement);
    Assert.Equal(typeof(DpapiNGXmlDecryptor), encryptionResult.DecryptorType);

    var serializedCiphertext = encryptionResult.EncryptedElement.ToString();
    Assert.DoesNotContain(secretValue, serializedCiphertext, StringComparison.OrdinalIgnoreCase);

    // Act & assert - decrypting must reproduce the original element
    var decryptedElement = xmlDecryptor.Decrypt(encryptionResult.EncryptedElement);
    XmlAssert.Equal(plaintextElement, decryptedElement);
}
/// <summary>
/// Configures keys to be encrypted with Windows CNG DPAPI (DPAPI-NG) before they are
/// persisted to storage. The keys will be decryptable by the current Windows user account.
/// </summary>
/// <returns>The 'this' instance.</returns>
/// <remarks>
/// See https://msdn.microsoft.com/en-us/library/windows/desktop/hh706794(v=vs.85).aspx
/// for more information on DPAPI-NG. This API is only supported on Windows 8 /
/// Windows Server 2012 and higher.
/// Because decryption is scoped to the Windows account, the persisted keys are
/// readable by any code running as that account; call the two-argument overload
/// with an explicit protection descriptor rule when a different scope is needed.
/// </remarks>
public DataProtectionConfiguration ProtectKeysWithDpapiNG()
{
    // Use the encryptor's default descriptor rule with no flags, then delegate
    // to the overload that takes both explicitly.
    var defaultRule = DpapiNGXmlEncryptor.GetDefaultProtectionDescriptorString();
    var noFlags = DpapiNGProtectionDescriptorFlags.None;

    return ProtectKeysWithDpapiNG(
        protectionDescriptorRule: defaultRule,
        flags: noFlags);
}